[SECUR32][NTOS]: Update the LSA export signatures for the functions that are implemented in the "lsalib" library.

[LSALIB]
- Add old-school annotations (as we currently do in our main .c code of our stuff).
- Mention that LsaConnectUntrusted is not an API that is exported (& implemented) by ntoskrnl.
- For LsaRegisterLogonProcess, we first wait for the LSA server to be ready (by waiting on its initialization event). This is TODO for LsaConnectUntrusted on the contrary.

[LSALIB][NTOS]
Use the lsalib as the implementation of the LSA functions exported by ntoskrnl. But for that we need to recompile the lsalib as a library that can be used from inside ntoskrnl, because it needs some functions that are normally exported by ntos. For this purpose I add the library target "ntlsalib" (which also specifies different #defines), to differentiate it from the (user-mode) "lsalib" one that is used by secur32.dll (Amine, if you have a better idea on how to do that, please let me know!).

svn path=/trunk/; revision=72751
Hermès Bélusca-Maïto 2016-09-20 23:43:16 +00:00
parent 7d07b21168
commit 9bc48b336f
7 changed files with 152 additions and 189 deletions


@ -32,13 +32,13 @@
@ stdcall InitializeSecurityContextA(ptr ptr str long long long ptr long ptr ptr ptr ptr)
@ stdcall InitializeSecurityContextW(ptr ptr wstr long long long ptr long ptr ptr ptr ptr)
@ stdcall LsaCallAuthenticationPackage(long long ptr long ptr ptr ptr)
@ stdcall LsaConnectUntrusted(long)
@ stdcall LsaConnectUntrusted(ptr)
@ stdcall LsaDeregisterLogonProcess(long)
@ stdcall LsaEnumerateLogonSessions(ptr ptr)
@ stdcall LsaFreeReturnBuffer(ptr)
@ stdcall LsaGetLogonSessionData(ptr ptr)
@ stdcall LsaLogonUser(ptr ptr long long ptr long ptr ptr ptr ptr ptr ptr ptr ptr)
@ stdcall LsaLookupAuthenticationPackage(ptr ptr ptr)
@ stdcall LsaLogonUser(long ptr long long ptr long ptr ptr ptr ptr ptr ptr ptr ptr)
@ stdcall LsaLookupAuthenticationPackage(long ptr ptr)
@ stdcall LsaRegisterLogonProcess(ptr ptr ptr)
@ stdcall LsaRegisterPolicyChangeNotification(long ptr)
@ stdcall LsaUnregisterPolicyChangeNotification(long ptr)


@ -37,7 +37,7 @@ else()
endif()
endif()
target_link_libraries(ntoskrnl cportlib csq ${PSEH_LIB} cmlib rtl ${ROSSYM_LIB} libcntpr wdmguid ioevent)
target_link_libraries(ntoskrnl cportlib csq ${PSEH_LIB} cmlib ntlsalib rtl ${ROSSYM_LIB} libcntpr wdmguid ioevent)
if(STACK_PROTECTOR)
target_link_libraries(ntoskrnl gcc_ssp)


@ -39,7 +39,7 @@ elseif(RUNTIME_CHECKS)
target_link_libraries(ntkrnlmp runtmchk)
endif()
target_link_libraries(ntkrnlmp cportlib csq ${PSEH_LIB} cmlib rtl ${ROSSYM_LIB} libcntpr wdmguid ioevent)
target_link_libraries(ntkrnlmp cportlib csq ${PSEH_LIB} cmlib ntlsalib rtl ${ROSSYM_LIB} libcntpr wdmguid ioevent)
add_importlibs(ntkrnlmp hal kdcom bootvid)
add_pch(ntkrnlmp ${REACTOS_SOURCE_DIR}/ntoskrnl/include/ntoskrnl.h NTKRNLMP_SOURCE)
add_dependencies(ntkrnlmp psdk bugcodes asm)


@ -742,11 +742,11 @@
@ extern LpcPortObjectType
@ stdcall LpcRequestPort(ptr ptr)
@ stdcall LpcRequestWaitReplyPort(ptr ptr ptr)
@ stdcall LsaCallAuthenticationPackage(long long long long long long long)
@ stdcall LsaDeregisterLogonProcess(long long)
@ stdcall LsaCallAuthenticationPackage(long long ptr long ptr ptr ptr)
@ stdcall LsaDeregisterLogonProcess(long)
@ stdcall LsaFreeReturnBuffer(ptr)
@ stdcall LsaLogonUser(ptr ptr long long ptr long ptr ptr ptr ptr ptr ptr ptr ptr)
@ stdcall LsaLookupAuthenticationPackage(long long long)
@ stdcall LsaLogonUser(long ptr long long ptr long ptr ptr ptr ptr ptr ptr ptr ptr)
@ stdcall LsaLookupAuthenticationPackage(long ptr ptr)
@ stdcall LsaRegisterLogonProcess(ptr ptr ptr)
@ extern Mm64BitPhysicalAddress
@ stdcall MmAddPhysicalMemory(ptr ptr)


@ -16,92 +16,15 @@
/* FUNCTIONS ******************************************************************/
/*
* @unimplemented
* NOTE: The following LSA functions:
* LsaCallAuthenticationPackage
* LsaFreeReturnBuffer
* LsaLogonUser
* LsaLookupAuthenticationPackage
* LsaRegisterLogonProcess
* LsaDeregisterLogonProcess
* are already implemented in the 'lsalib' library (sdk/lib/lsalib/lsa.c).
*/
NTSTATUS
NTAPI
LsaCallAuthenticationPackage(ULONG Unknown0,
ULONG Unknown1,
ULONG Unknown2,
ULONG Unknown3,
ULONG Unknown4,
ULONG Unknown5,
ULONG Unknown6)
{
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
LsaDeregisterLogonProcess(ULONG Unknown0,
ULONG Unknown1)
{
return STATUS_NOT_IMPLEMENTED;
}
/*
* @implemented
*/
NTSTATUS
NTAPI
LsaFreeReturnBuffer(PVOID Buffer)
{
SIZE_T Size = 0;
return ZwFreeVirtualMemory(NtCurrentProcess(),
&Buffer,
&Size,
MEM_RELEASE);
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
LsaLogonUser(IN HANDLE LsaHandle,
IN PLSA_STRING OriginName,
IN SECURITY_LOGON_TYPE LogonType,
IN ULONG AuthenticationPackage,
IN PVOID AuthenticationInformation,
IN ULONG AuthenticationInformationLength,
IN PTOKEN_GROUPS LocalGroups OPTIONAL,
IN PTOKEN_SOURCE SourceContext,
OUT PVOID *ProfileBuffer,
OUT PULONG ProfileBufferLength,
OUT PLUID LogonId,
OUT PHANDLE Token,
OUT PQUOTA_LIMITS Quotas,
OUT PNTSTATUS SubStatus)
{
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
LsaLookupAuthenticationPackage(ULONG Unknown0,
ULONG Unknown1,
ULONG Unknown2)
{
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
LsaRegisterLogonProcess(IN PLSA_STRING LogonProcessName,
OUT PHANDLE LsaHandle,
OUT PLSA_OPERATIONAL_MODE SecurityMode)
{
return STATUS_NOT_IMPLEMENTED;
}
/*
* @unimplemented


@ -1,4 +1,9 @@
include_directories(${REACTOS_SOURCE_DIR}/sdk/include/reactos/subsys)
add_library(lsalib lsa.c)
add_dependencies(lsalib xdk)
add_library(ntlsalib lsa.c)
add_target_compile_definitions(ntlsalib _NTSYSTEM_)
add_dependencies(ntlsalib xdk)
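Review bot: The new `ntlsalib` target has no comment saying why lsa.c is compiled a second time or what `_NTSYSTEM_` changes, so the only explanation lives in the commit message. A line above `add_library(ntlsalib lsa.c)` such as `# ntlsalib: lsa.c built for linking into ntoskrnl; _NTSYSTEM_ compiles out LsaConnectUntrusted and the Secur32Heap extern` would record it, matching the `#if !defined(__NTOSKRNL__) && !defined(_NTOSKRNL_) && !defined(_NTSYSTEM_)` guards visible in lsa.c. The directory-scoped `include_directories` above applies to both targets, which looks intended but is worth stating in the same comment.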


@ -9,12 +9,13 @@
/* INCLUDES ******************************************************************/
#include <ndk/exfuncs.h>
#include <ndk/lpctypes.h>
#include <ndk/lpcfuncs.h>
#include <ndk/mmfuncs.h>
#include <ndk/rtlfuncs.h>
#include <ndk/obfuncs.h>
#include <psdk/ntsecapi.h>
// #include <psdk/ntsecapi.h>
#include <lsass/lsass.h>
#define NDEBUG
@ -22,67 +23,35 @@
/* GLOBALS *******************************************************************/
// FIXME: Do we really need this?!
#if !defined(__NTOSKRNL__) && !defined(_NTOSKRNL_) && !defined(_NTSYSTEM_)
extern HANDLE Secur32Heap;
#endif
/* FUNCTIONS *****************************************************************/
/* This API is not defined and exported by NTOSKRNL */
#if !defined(__NTOSKRNL__) && !defined(_NTOSKRNL_) && !defined(_NTSYSTEM_)
/*
* @implemented
*/
NTSTATUS
WINAPI
LsaDeregisterLogonProcess(HANDLE LsaHandle)
NTAPI
LsaConnectUntrusted(OUT PHANDLE LsaHandle)
{
LSA_API_MSG ApiMessage;
NTSTATUS Status;
DPRINT("LsaDeregisterLogonProcess()\n");
ApiMessage.ApiNumber = LSASS_REQUEST_DEREGISTER_LOGON_PROCESS;
ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.DeregisterLogonProcess);
ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE;
ApiMessage.h.u2.ZeroInit = 0;
Status = ZwRequestWaitReplyPort(LsaHandle,
(PPORT_MESSAGE)&ApiMessage,
(PPORT_MESSAGE)&ApiMessage);
if (!NT_SUCCESS(Status))
{
DPRINT1("ZwRequestWaitReplyPort() failed (Status 0x%08lx)\n", Status);
return Status;
}
if (!NT_SUCCESS(ApiMessage.Status))
{
DPRINT1("ZwRequestWaitReplyPort() failed (ApiMessage.Status 0x%08lx)\n", ApiMessage.Status);
return ApiMessage.Status;
}
NtClose(LsaHandle);
DPRINT("LsaDeregisterLogonProcess() done (Status 0x%08lx)\n", Status);
return Status;
}
/*
* @implemented
*/
NTSTATUS
WINAPI
LsaConnectUntrusted(PHANDLE LsaHandle)
{
UNICODE_STRING PortName; // = RTL_CONSTANT_STRING(L"\\LsaAuthenticationPort");
SECURITY_QUALITY_OF_SERVICE SecurityQos;
LSA_CONNECTION_INFO ConnectInfo;
ULONG ConnectInfoLength = sizeof(ConnectInfo);
NTSTATUS Status;
DPRINT("LsaConnectUntrusted(%p)\n", LsaHandle);
RtlInitUnicodeString(&PortName,
L"\\LsaAuthenticationPort");
// TODO: Wait on L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED" event
// for the LSA server to be ready, and because we are untrusted,
// we may need to impersonate ourselves before!
RtlInitUnicodeString(&PortName, L"\\LsaAuthenticationPort");
SecurityQos.Length = sizeof(SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
@ -115,23 +84,23 @@ LsaConnectUntrusted(PHANDLE LsaHandle)
return ConnectInfo.Status;
}
#endif
/*
* @implemented
*/
NTSTATUS
WINAPI
LsaCallAuthenticationPackage(HANDLE LsaHandle,
ULONG AuthenticationPackage,
PVOID ProtocolSubmitBuffer,
ULONG SubmitBufferLength,
PVOID *ProtocolReturnBuffer,
PULONG ReturnBufferLength,
PNTSTATUS ProtocolStatus)
NTAPI
LsaCallAuthenticationPackage(IN HANDLE LsaHandle,
IN ULONG AuthenticationPackage,
IN PVOID ProtocolSubmitBuffer,
IN ULONG SubmitBufferLength,
OUT PVOID *ProtocolReturnBuffer,
OUT PULONG ReturnBufferLength,
OUT PNTSTATUS ProtocolStatus)
{
LSA_API_MSG ApiMessage;
NTSTATUS Status;
LSA_API_MSG ApiMessage;
DPRINT1("LsaCallAuthenticationPackage()\n");
@ -171,14 +140,13 @@ LsaCallAuthenticationPackage(HANDLE LsaHandle,
* @implemented
*/
NTSTATUS
WINAPI
LsaFreeReturnBuffer(PVOID Buffer)
NTAPI
LsaFreeReturnBuffer(IN PVOID Buffer)
{
ULONG Length = 0;
SIZE_T Size = 0;
return ZwFreeVirtualMemory(NtCurrentProcess(),
&Buffer,
&Length,
&Size,
MEM_RELEASE);
}
@ -187,13 +155,13 @@ LsaFreeReturnBuffer(PVOID Buffer)
* @implemented
*/
NTSTATUS
WINAPI
LsaLookupAuthenticationPackage(HANDLE LsaHandle,
PLSA_STRING PackageName,
PULONG AuthenticationPackage)
NTAPI
LsaLookupAuthenticationPackage(IN HANDLE LsaHandle,
IN PLSA_STRING PackageName,
OUT PULONG AuthenticationPackage)
{
LSA_API_MSG ApiMessage;
NTSTATUS Status;
LSA_API_MSG ApiMessage;
/* Check the package name length */
if (PackageName->Length > LSASS_MAX_PACKAGE_NAME_LENGTH)
@ -210,7 +178,7 @@ LsaLookupAuthenticationPackage(HANDLE LsaHandle,
strncpy(ApiMessage.LookupAuthenticationPackage.Request.PackageName,
PackageName->Buffer,
ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength);
ApiMessage.LookupAuthenticationPackage.Request.PackageName[ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength] = '\0';
ApiMessage.LookupAuthenticationPackage.Request.PackageName[ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength] = ANSI_NULL;
Status = ZwRequestWaitReplyPort(LsaHandle,
(PPORT_MESSAGE)&ApiMessage,
@ -235,24 +203,24 @@ LsaLookupAuthenticationPackage(HANDLE LsaHandle,
* @implemented
*/
NTSTATUS
WINAPI
LsaLogonUser(HANDLE LsaHandle,
PLSA_STRING OriginName,
SECURITY_LOGON_TYPE LogonType,
ULONG AuthenticationPackage,
PVOID AuthenticationInformation,
ULONG AuthenticationInformationLength,
PTOKEN_GROUPS LocalGroups,
PTOKEN_SOURCE SourceContext,
PVOID *ProfileBuffer,
PULONG ProfileBufferLength,
PLUID LogonId,
PHANDLE Token,
PQUOTA_LIMITS Quotas,
PNTSTATUS SubStatus)
NTAPI
LsaLogonUser(IN HANDLE LsaHandle,
IN PLSA_STRING OriginName,
IN SECURITY_LOGON_TYPE LogonType,
IN ULONG AuthenticationPackage,
IN PVOID AuthenticationInformation,
IN ULONG AuthenticationInformationLength,
IN PTOKEN_GROUPS LocalGroups OPTIONAL,
IN PTOKEN_SOURCE SourceContext,
OUT PVOID *ProfileBuffer,
OUT PULONG ProfileBufferLength,
OUT PLUID LogonId,
OUT PHANDLE Token,
OUT PQUOTA_LIMITS Quotas,
OUT PNTSTATUS SubStatus)
{
LSA_API_MSG ApiMessage;
NTSTATUS Status;
LSA_API_MSG ApiMessage;
ApiMessage.ApiNumber = LSASS_REQUEST_LOGON_USER;
ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.LogonUser);
@ -300,25 +268,53 @@ LsaLogonUser(HANDLE LsaHandle,
* @implemented
*/
NTSTATUS
WINAPI
LsaRegisterLogonProcess(PLSA_STRING LsaLogonProcessName,
PHANDLE Handle,
PLSA_OPERATIONAL_MODE OperationalMode)
NTAPI
LsaRegisterLogonProcess(IN PLSA_STRING LogonProcessName,
OUT PHANDLE LsaHandle,
OUT PLSA_OPERATIONAL_MODE OperationalMode)
{
NTSTATUS Status;
HANDLE EventHandle;
UNICODE_STRING PortName; // = RTL_CONSTANT_STRING(L"\\LsaAuthenticationPort");
OBJECT_ATTRIBUTES ObjectAttributes;
SECURITY_QUALITY_OF_SERVICE SecurityQos;
LSA_CONNECTION_INFO ConnectInfo;
ULONG ConnectInfoLength = sizeof(ConnectInfo);
NTSTATUS Status;
DPRINT("LsaRegisterLogonProcess()\n");
/* Check the logon process name length */
if (LsaLogonProcessName->Length > LSASS_MAX_LOGON_PROCESS_NAME_LENGTH)
if (LogonProcessName->Length > LSASS_MAX_LOGON_PROCESS_NAME_LENGTH)
return STATUS_NAME_TOO_LONG;
RtlInitUnicodeString(&PortName,
L"\\LsaAuthenticationPort");
/*
* First check whether the LSA server is ready:
* open the LSA event and wait on it.
*/
// Note that we just reuse the 'PortName' variable here.
RtlInitUnicodeString(&PortName, L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED");
InitializeObjectAttributes(&ObjectAttributes,
&PortName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = NtOpenEvent(&EventHandle, SYNCHRONIZE, &ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtOpenEvent failed (Status 0x%08lx)\n", Status);
return Status;
}
Status = NtWaitForSingleObject(EventHandle, TRUE, NULL);
NtClose(EventHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("NtWaitForSingleObject failed (Status 0x%08lx)\n", Status);
return Status;
}
/* Now attempt the connection */
RtlInitUnicodeString(&PortName, L"\\LsaAuthenticationPort");
SecurityQos.Length = sizeof(SecurityQos);
SecurityQos.ImpersonationLevel = SecurityIdentification;
@ -326,13 +322,13 @@ LsaRegisterLogonProcess(PLSA_STRING LsaLogonProcessName,
SecurityQos.EffectiveOnly = TRUE;
strncpy(ConnectInfo.LogonProcessNameBuffer,
LsaLogonProcessName->Buffer,
LsaLogonProcessName->Length);
ConnectInfo.Length = LsaLogonProcessName->Length;
ConnectInfo.LogonProcessNameBuffer[ConnectInfo.Length] = '\0';
LogonProcessName->Buffer,
LogonProcessName->Length);
ConnectInfo.Length = LogonProcessName->Length;
ConnectInfo.LogonProcessNameBuffer[ConnectInfo.Length] = ANSI_NULL;
ConnectInfo.CreateContext = TRUE;
Status = ZwConnectPort(Handle,
Status = ZwConnectPort(LsaHandle,
&PortName,
&SecurityQos,
NULL,
@ -357,3 +353,42 @@ LsaRegisterLogonProcess(PLSA_STRING LsaLogonProcessName,
return ConnectInfo.Status;
}
/*
* @implemented
*/
NTSTATUS
NTAPI
LsaDeregisterLogonProcess(IN HANDLE LsaHandle)
{
NTSTATUS Status;
LSA_API_MSG ApiMessage;
DPRINT("LsaDeregisterLogonProcess()\n");
ApiMessage.ApiNumber = LSASS_REQUEST_DEREGISTER_LOGON_PROCESS;
ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.DeregisterLogonProcess);
ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE;
ApiMessage.h.u2.ZeroInit = 0;
Status = ZwRequestWaitReplyPort(LsaHandle,
(PPORT_MESSAGE)&ApiMessage,
(PPORT_MESSAGE)&ApiMessage);
if (!NT_SUCCESS(Status))
{
DPRINT1("ZwRequestWaitReplyPort() failed (Status 0x%08lx)\n", Status);
return Status;
}
if (!NT_SUCCESS(ApiMessage.Status))
{
DPRINT1("ZwRequestWaitReplyPort() failed (ApiMessage.Status 0x%08lx)\n", ApiMessage.Status);
return ApiMessage.Status;
}
NtClose(LsaHandle);
DPRINT("LsaDeregisterLogonProcess() done (Status 0x%08lx)\n", Status);
return Status;
}
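Review bot: In LsaRegisterLogonProcess the new wait on `\SECURITY\LSA_AUTHENTICATION_INITIALIZED` is alertable (`NtWaitForSingleObject(EventHandle, TRUE, NULL)`), and an interrupted wait returns STATUS_ALERTED or STATUS_USER_APC, which both pass `NT_SUCCESS`, so the function can reach `ZwConnectPort` before the LSA server has signalled that it is ready. Passing `FALSE` for the Alertable argument, or treating any status other than `STATUS_SUCCESS` as not ready, closes that gap. The same hunk, and `NtClose(LsaHandle)` in LsaDeregisterLogonProcess, use `NtOpenEvent`/`NtWaitForSingleObject`/`NtClose` while the other system calls visible in this file are `Zw*`. Now that the file is also built as ntlsalib for ntoskrnl, `ZwOpenEvent`, `ZwWaitForSingleObject` and `ZwClose` would be consistent and would not depend on the calling thread's previous mode when pointers to kernel-stack locals are passed. In the kernel build the event is also opened with only `OBJ_CASE_INSENSITIVE`; whether `OBJ_KERNEL_HANDLE` is needed there should be confirmed.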